Log message:
security fix update for suse131_libcurl.
openSUSE Security Update: curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1139-1
Rating: important
References: #894575 #895991
Cross-References: CVE-2014-3613 CVE-2014-3620
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
libcurl was updated to fix security issues:
CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned
or used for other numeric IP hosts if portions of the numerics were the
same.
CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains,
making them to broad.